Financially motivated attacks part of Andariel expansion

Despite being initially involved in cyberespionage campaigns targeted at exfiltrating sensitive nuclear weapons and artillery information upon its emergence 15 years ago, North Korean advanced persistent threat operation Andariel, also known as APT45, has since expanded its operations with global financially motivated ransomware intrusions, reports The Record, a news site by cybersecurity firm Recorded Future.

Attacks against defense and government organizations worldwide have enabled APT45 to steal information regarding missiles and missile defense systems, nuclear power plants, radar systems, fighter aircraft and unmanned aerial vehicles, and satellites, among others, an analysis from Mandiant revealed. "As the country has become reliant on its cyber operations as an instrument of national power, the operations carried out by APT45 and other North Korean cyber operators may reflect the changing priorities of the country’s leadership," said Mandiant researchers, who called for increased global coordination in curbing the continuously evolving threat posed by APT45. Such a development comes five years after the threat operation was subjected to U.S. Treasury sanctions for its attacks against South Korean government and critical infrastructure.